From patchwork Fri Jan 15 17:21:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Babu Moger X-Patchwork-Id: 12023399 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9951C433E6 for ; Fri, 15 Jan 2021 17:22:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 88EA8239D0 for ; Fri, 15 Jan 2021 17:22:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731151AbhAORWa (ORCPT ); Fri, 15 Jan 2021 12:22:30 -0500 Received: from mail-bn8nam11on2054.outbound.protection.outlook.com ([40.107.236.54]:28768 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729599AbhAORW2 (ORCPT ); Fri, 15 Jan 2021 12:22:28 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CwmjpScehQiq2MnDuB3Sx3JC+sjT8Ui0SH7Ke17191gb8ECebA1V8tDk1AzgyPbQnBWM+PAYGBZqINz5DNitd96Qv6n/YD/f3mL5YWT8xM7n32Vl0KPg2R2vMD6osjangg/5DkEkiGLyhyRAkXT6DUiNty/ZDCZP9qLxjhdmcgrwWif08zZvwqfo9SRD9hFpMK+UOyBosXeX631ZwyhTGDsCoEe88b1aHPsaTWxu5dn9RxSYZpXAx7MB/jqDFa3qwVB3tz4aW8DGHe7MyjhSn3tKHVvQe7v42h8FndXRL5zZSrYQDJi3wSTtKAiGlHaPTMXDYMThbCvTXZufnbrNHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CF4J1hbbttjCvzB0KcY0I9jxXx45BP3e7FK7pX8dQ8Q=; b=b4lTpWAT9ltXZxX8d5Ytp96x3tYxMWcmmHcDGujcGDX6KfRFsQiQkHwxAejHFgIbqTtL1dWd7GtjVsFMcUr8iNYp4ggTsJmb41yKtFvZnl9FHFoCQDzAcqvxMuVU4qnb6lStr9+Kq+Re3YoeyO4QWIAPIot8CB5ZicMOoEh7mxerb/Ep0kP/R6l2N1ISeiVP2zT4/oXDyHKu6r76WZ87vCzTjMgVm85WWqMdDgbfWz9Kg+gBqR/AxJI1AQpXrdidgsYQYXRMH0/NRxwN7/BojB1uIKI1kFT/+BeQ55T38bPfnOi6l60UmZqNbnULDLVg0gU2g/zTy0u6vB9z/eSLqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CF4J1hbbttjCvzB0KcY0I9jxXx45BP3e7FK7pX8dQ8Q=; b=HyhYPihc5ipyZFIaFUpBumFNu34lTt1aMLJXQDA9VJ/lQ4BjukLKvDU4INRRvTGAtiRXfi8zLKk+zWhRtew79QwFhAYRwsYwcDnrrhDhtTi+UJHV+eRR507SbI1n+9mAjhPPJwWglteJq+aM6km8z0oMaVoefOe65MBLXHJoDFs= Authentication-Results: tencent.com; dkim=none (message not signed) header.d=none;tencent.com; dmarc=none action=none header.from=amd.com; Received: from SN1PR12MB2560.namprd12.prod.outlook.com (2603:10b6:802:26::19) by SN6PR12MB2736.namprd12.prod.outlook.com (2603:10b6:805:75::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.8; Fri, 15 Jan 2021 17:21:35 +0000 Received: from SN1PR12MB2560.namprd12.prod.outlook.com ([fe80::8c0e:9a64:673b:4fff]) by SN1PR12MB2560.namprd12.prod.outlook.com ([fe80::8c0e:9a64:673b:4fff%5]) with mapi id 15.20.3763.010; Fri, 15 Jan 2021 17:21:35 +0000 Subject: [PATCH v3 1/2] x86/cpufeatures: Add the Virtual SPEC_CTRL feature From: Babu Moger To: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de Cc: fenghua.yu@intel.com, tony.luck@intel.com, wanpengli@tencent.com, kvm@vger.kernel.org, thomas.lendacky@amd.com, peterz@infradead.org, seanjc@google.com, joro@8bytes.org, x86@kernel.org, kyung.min.park@intel.com, linux-kernel@vger.kernel.org, krish.sadhukhan@oracle.com, hpa@zytor.com, mgross@linux.intel.com, vkuznets@redhat.com, kim.phillips@amd.com, wei.huang2@amd.com, jmattson@google.com Date: Fri, 15 Jan 2021 11:21:33 -0600 Message-ID: <161073129332.13848.9112749469874197137.stgit@bmoger-ubuntu> In-Reply-To: <161073115461.13848.18035972823733547803.stgit@bmoger-ubuntu> References: <161073115461.13848.18035972823733547803.stgit@bmoger-ubuntu> User-Agent: StGit/0.17.1-dirty X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0136.namprd11.prod.outlook.com (2603:10b6:806:131::21) To SN1PR12MB2560.namprd12.prod.outlook.com (2603:10b6:802:26::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [127.0.1.1] (165.204.77.1) by SA0PR11CA0136.namprd11.prod.outlook.com (2603:10b6:806:131::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.11 via Frontend Transport; Fri, 15 Jan 2021 17:21:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 7af23dba-4bfc-48bf-942c-08d8b97a01f7 X-MS-TrafficTypeDiagnostic: SN6PR12MB2736: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1388; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cAQUXRplne8pWQ8X932D3ndcMZM8RVToZUKKpM7FZsEx4RRh+glED85Ts8pXj3EW3GJ348zICpqNrbOjUC0XZxaguWyW9/UTZ/WQmWqcTCded1VE3KeHcm06ywT6Ensya8YeIRRMTD/i28imLA26YX3HqZlwtCl95hTm574+04rmw3CNYlah03bzu6Eiy9v2tDrXFqcxs+g9SPwLMMDDE9jet4TKKCu6p8Rluebo0LGU32Ii5IZCsszktZFSBWF/YTm2dKkAEeXntZCYQ9FdBCvppTvDbN5+Pksa2tl+nM/HDd+EPmQvNmc3SGCjz4MopuZUNgUc/oUIJO4h1O7bTgA/OcZn5hZB7rFshiYXIlLuraqIWMwV1kJv4GEqLa3TTiC1lwZ9eIaleWD2Lv5nZQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN1PR12MB2560.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(7916004)(4636009)(346002)(39860400002)(366004)(136003)(376002)(396003)(956004)(4326008)(316002)(5660300002)(86362001)(8676002)(44832011)(478600001)(8936002)(16576012)(9686003)(6486002)(7416002)(66476007)(26005)(16526019)(66946007)(186003)(52116002)(33716001)(66556008)(2906002)(103116003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?r5RIQ4N52GDdQlGN1ZpYFCpjDdErbQ?= =?utf-8?q?X83aYr8Flg0gNtt4ebNh0C6Tu/Hr/C1pne/2rJl8/3E9zLhIboOtE18425LlRrba4?= =?utf-8?q?7fGnMGMWouDSD8Ycph5KoW4JRgUgUBzvV8Ac7PyGAFfsv81kVLvzNLScfvDISY/rD?= =?utf-8?q?dCjvBaI3wbe+RA2W3HYwdvat7kfIevMSJyiEXSTB51lrMQSFQi9kpCV2watTJ39Y6?= =?utf-8?q?4O0bOTycO9hwCXTB4U21yHI/+8LJivNqXC/917KHds21i6m7SxNFihhTT3Sc26zcF?= =?utf-8?q?A9VRdP9g95Wii9f2Mt9UIKFUjR+tPA5mtybrVT6Pv+2xlVYviDaF4ceY1E2Ko2tpI?= =?utf-8?q?cud0Z0t+VWgL4LgaE8qj5RZ86h2XpAbn1lU+xB4VqGHg4cqa5vQfsIiWhxrLjYaTc?= =?utf-8?q?aUFiUGLKj596mSauQurPK0kw+5FMLTHdk2wNXXeYgRbe0OZC/3bTkazRkH4gEWl/W?= =?utf-8?q?CAzr39fYowGzzU5Sv7JLyDmINKVq1+W4YNgBAOqryS8jyH4LsSNqEc+lRV1e7ldwu?= =?utf-8?q?pAagHLd8gS/1PonLKJveu3GboF/WG9MV1z8tgFd20HA15VPA5cDaGRCHDY4wId7S/?= =?utf-8?q?Hz757P1vAp+RSx5wo4UXLGQGyWgYDbm+sntq1+gXr4KmGlw4MwHUl4o25AipVYqjh?= =?utf-8?q?Jb5qegquCVfe2QMv5GBaFf2RPq0D5QUEekzxGCUhDMd21bFYeiZzqObct4dRQa15y?= =?utf-8?q?P7nQmc3o69QeL3OV26psnEj4cUPJCPjSadELuXX9xyKjr0MSuat5j6pwOy/IojuT7?= =?utf-8?q?Lzttjql49Y/+7Ip5PN6SghAoAS2BHLeuxap1wOGgsF8MSgwP7skmDGTR9nbL1dGs/?= =?utf-8?q?zNCDoFbYaPwo7U8hm7qFZGXTCrwIC6JJcTxwn891QRZCmxXbK6GbPZqioTDwylkZn?= =?utf-8?q?dhkI+kCIPs1lC+CFzRc82cOTWZ4mlmPYepjK6hGxoZmC7AhHjVntfuLj6v2nzb0?= =?utf-8?q?=3D?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7af23dba-4bfc-48bf-942c-08d8b97a01f7 X-MS-Exchange-CrossTenant-AuthSource: SN1PR12MB2560.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2021 17:21:35.0302 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EuKQjiAa0tXpvAENDcNBAN6Z9RsYxmBNpjJ3Zrd4KOZq6pvVvIiWJZc0JEBj6t4W X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2736 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Newer AMD processors have a feature to virtualize the use of the SPEC_CTRL MSR. Presence of this feature is indicated via CPUID function 0x8000000A_EDX[20]: GuestSpecCtrl. When present, the SPEC_CTRL MSR is automatically virtualized. Signed-off-by: Babu Moger Acked-by: Borislav Petkov --- arch/x86/include/asm/cpufeatures.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 84b887825f12..3fcd0624b1bc 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -337,6 +337,7 @@ #define X86_FEATURE_AVIC (15*32+13) /* Virtual Interrupt Controller */ #define X86_FEATURE_V_VMSAVE_VMLOAD (15*32+15) /* Virtual VMSAVE VMLOAD */ #define X86_FEATURE_VGIF (15*32+16) /* Virtual GIF */ +#define X86_FEATURE_V_SPEC_CTRL (15*32+20) /* Virtual SPEC_CTRL */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (ECX), word 16 */ #define X86_FEATURE_AVX512VBMI (16*32+ 1) /* AVX512 Vector Bit Manipulation instructions*/ From patchwork Fri Jan 15 17:21:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Babu Moger X-Patchwork-Id: 12023403 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55034C433DB for ; Fri, 15 Jan 2021 17:23:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 16F362399A for ; Fri, 15 Jan 2021 17:23:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728714AbhAORWt (ORCPT ); Fri, 15 Jan 2021 12:22:49 -0500 Received: from mail-co1nam11on2062.outbound.protection.outlook.com ([40.107.220.62]:31456 "EHLO NAM11-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727975AbhAORWt (ORCPT ); Fri, 15 Jan 2021 12:22:49 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Or7z3oX1/5D7FICa9EfJnmaxROBCyNnna8YzMhWSosEW/EjZ2GiturqUyKP0OB3bc4+aSGRO631umlqtrm8HvViQJc7v6GoXHUVrM4tYgHnEJZGj3hL8wsOQHWXBSYQYsgMRRarDJdegL7VAFF140PBC3nx3s0DBZXGX9U+yLR1P3vGeyjZNh6H3lzkPzafosmveQS3cSST1SLOS25/FnDdn3h0JT8VRRaAKJZXBlDHwMs/4zs11TqhzZHLhX9DyrJ4D1VLVHRm63H5xOZ2oiDYhOjy+kgI5b777u+ujii833oKxJciaFnMFGR16TLtzkoyBN+5waq9CI7V8dw3XDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4Q93GfI1y4S19Pvk1QPlF+hZ2LFWYLsozgShUiI1Zco=; b=BOBqTH+sIZcuxxachP5YJSQE2AIMM+cqFdnU1KU4qhWKNVMpOjjX4J2nvtp55hAb7Tr9SooK+Fyax/zQV0pen4sNWHId8JW5nGJo/l0bcbOMpCUPFOzYC5/8JWJPhmGlzz0irAnYhLDLZyqeQ26RlyTuAAoh8V1TKv1KK62UO5MUK3evzfZ1rM5/AebWzeE4jmNi4NxmtYnVDgsQs/fYamRmjjqfMZbLJ2dH/u6JXysTtEQdr1/MUF4iuDzLVquFvozK7DRUy7RgyZqk0NFMBpAI6NI6uD13U1QqFkLrbLJs1s207eY77h7PZmJkClP3+sMHzs67Mxx1xBaruspZ0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4Q93GfI1y4S19Pvk1QPlF+hZ2LFWYLsozgShUiI1Zco=; b=JkUGquL9rUplEG5+4yY08jz6C2sGhO+DVOhB5G0mIsP21K2J8XqgI91VRnhmjDSXx9ZZQ3BokqkaIQYXNS51RRLzYJ4K+FADoit6V7ScIWEAAAaISsXqQwat0/REHYpEPX7jjQGnAUNmAGoEGdsWMtUEtRWnyt/w1i6k33ysB70= Authentication-Results: tencent.com; dkim=none (message not signed) header.d=none;tencent.com; dmarc=none action=none header.from=amd.com; Received: from SN1PR12MB2560.namprd12.prod.outlook.com (2603:10b6:802:26::19) by SA0PR12MB4383.namprd12.prod.outlook.com (2603:10b6:806:94::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.9; Fri, 15 Jan 2021 17:21:57 +0000 Received: from SN1PR12MB2560.namprd12.prod.outlook.com ([fe80::8c0e:9a64:673b:4fff]) by SN1PR12MB2560.namprd12.prod.outlook.com ([fe80::8c0e:9a64:673b:4fff%5]) with mapi id 15.20.3763.010; Fri, 15 Jan 2021 17:21:57 +0000 Subject: [PATCH v3 2/2] KVM: SVM: Add support for Virtual SPEC_CTRL From: Babu Moger To: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de Cc: fenghua.yu@intel.com, tony.luck@intel.com, wanpengli@tencent.com, kvm@vger.kernel.org, thomas.lendacky@amd.com, peterz@infradead.org, seanjc@google.com, joro@8bytes.org, x86@kernel.org, kyung.min.park@intel.com, linux-kernel@vger.kernel.org, krish.sadhukhan@oracle.com, hpa@zytor.com, mgross@linux.intel.com, vkuznets@redhat.com, kim.phillips@amd.com, wei.huang2@amd.com, jmattson@google.com Date: Fri, 15 Jan 2021 11:21:40 -0600 Message-ID: <161073130040.13848.4508590528993822806.stgit@bmoger-ubuntu> In-Reply-To: <161073115461.13848.18035972823733547803.stgit@bmoger-ubuntu> References: <161073115461.13848.18035972823733547803.stgit@bmoger-ubuntu> User-Agent: StGit/0.17.1-dirty X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0501CA0119.namprd05.prod.outlook.com (2603:10b6:803:42::36) To SN1PR12MB2560.namprd12.prod.outlook.com (2603:10b6:802:26::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [127.0.1.1] (165.204.77.1) by SN4PR0501CA0119.namprd05.prod.outlook.com (2603:10b6:803:42::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.6 via Frontend Transport; Fri, 15 Jan 2021 17:21:56 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: bdaa0231-264d-49d5-0c18-08d8b97a0f70 X-MS-TrafficTypeDiagnostic: SA0PR12MB4383: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5gyvlzxsKNxA66bA0q/m8onDBF7aOcc6UEkXO8gVkkSw17OVR7f2znaio+u/ewTCjQalvU3NQ+KL4dvT3hcHeLDiyO9XYw6JZ5ZmmW9uRltFa3cypR0GmU7OTPacjetBSm8HmVQw8uY9GYKPclpwDui0Lcg2M8FlCo9RUvUumh3Afs6cjp22atLMIevP865rCgR50otLGONQwv86bIS64+tDj0q0VtEEYleCy+FWumb+7G3kP/enhKgVKVKI7W0XAGKL6cWp1hZqEsgKy5JSrOOpRbZPQLO+rjT6VoVMdJahGlAZdh5HnGCIjpLQgTqHAIY9/RS7RNJY68GvPu8SM/NWgH8x9ahBhFfHK0MqNjOgjP0OGOU1Zh7zU4pSH1w9mDz05GiNKrRSZQLeDpEAjw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN1PR12MB2560.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(7916004)(4636009)(396003)(136003)(39860400002)(376002)(366004)(346002)(4326008)(956004)(16526019)(33716001)(7416002)(316002)(44832011)(83380400001)(478600001)(52116002)(9686003)(6666004)(66556008)(103116003)(66476007)(8936002)(26005)(16576012)(6486002)(8676002)(186003)(86362001)(2906002)(5660300002)(66946007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?RLwK/tTE2FpHJXyZ0GBWaW0UwYvezm?= =?utf-8?q?mMiz6ToEOpvLfEsHrFc2wZG56W2UpBxBEDy6BaGAHmnhKD1gma2AXfaLToWh42mFl?= =?utf-8?q?maAP1FDflBpm5D440l+KZWH8b2R8RMVkwaQp3fBrCPd8QCiiC6Ok5QStyDj7TopZo?= =?utf-8?q?BMtBSmnyHLKhVaRL6bRF4zLPcxD0bTirzTbuCVD6H4Q/dJaBpMPkDntMYjkLOU95Z?= =?utf-8?q?7A97okUGDqAbGOfJtE8UBYXZgwodvZtd1/NFi6y9SWywWIIBF8WuSVRnlMHfqMNlh?= =?utf-8?q?ZdQcQsf38t2RKrxgkDddX2KSBO3iukys44XvtVZR4lJMnPioR9AkIlWEHnSnSd9wr?= =?utf-8?q?EaaojTbj5vKBksfeZu1925S8tIf9ps1KShEsxm7GM6VuSxUiHzauIq9+sJInxDsYb?= =?utf-8?q?7Vs7IgT5YmvjPlRp9cuhdFORTXS2wNhUYwigT2CWlGqzdjZVSomHmO1XQaHbp2i/b?= =?utf-8?q?W+/EjKy4z+sh8CL6U2F5bSJLZ1AADsqiplOAxoF14pyQ30cYzDnPIPcmBDTO9z7Vj?= =?utf-8?q?viHZWuaMm29v2faYtkv/47kFVmFL1sjS19bgoSno6tyKbeMq/Yhgx1VhQZD3r2bbi?= =?utf-8?q?BYE7zABDm/xsUxTLKbzz0H1BHmVJyYdOIze3WVcahlOzXlkEf9Z/5y/50aUYjcyIv?= =?utf-8?q?sAx2e7ZkxEB7Hh3pxdp61i3x+850uSDiQWOI8jlKAaKTj6zxtl5LN/6jU2qHQfmKO?= =?utf-8?q?a4v/UhZ7Re3P1a4R3E3M3vOJUlR3yFKS3JNqMms+G5h9YLCbApaJm55utaPDqOyE5?= =?utf-8?q?3CpYb6F60VI+eB43HspVql3GhGsV4jdimc5wLwwrCKPBTShH23AgtCg98NtxDaEwg?= =?utf-8?q?tB+oQjW++Qf6gu2/8q6ai0zTf43722SLZhZBnW7CHvx0b95d3R/lMZo5tEoSPwxl7?= =?utf-8?q?QJehEcBS+sc4aQr3VICY7eXdLZgb939g/gPh3apTmopQ1rdtjUDfCENZ7DncRGs?= =?utf-8?q?=3D?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bdaa0231-264d-49d5-0c18-08d8b97a0f70 X-MS-Exchange-CrossTenant-AuthSource: SN1PR12MB2560.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2021 17:21:57.0654 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3UlJZyliUcAi6OsUFT4chUFhXOnBkhuoadQFkPZ0eyOzjboh4sN8pFtNU+seYTVZ X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4383 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Newer AMD processors have a feature to virtualize the use of the SPEC_CTRL MSR. A hypervisor may wish to impose speculation controls on guest execution or a guest may want to impose its own speculation controls. Therefore, the processor implements both host and guest versions of SPEC_CTRL. Presence of this feature is indicated via CPUID function 0x8000000A_EDX[20]: GuestSpecCtrl. Hypervisors are not required to enable this feature since it is automatically enabled on processors that support it. When in host mode, the host SPEC_CTRL value is in effect and writes update only the host version of SPEC_CTRL. On a VMRUN, the processor loads the guest version of SPEC_CTRL from the VMCB. When the guest writes SPEC_CTRL, only the guest version is updated. On a VMEXIT, the guest version is saved into the VMCB and the processor returns to only using the host SPEC_CTRL for speculation control. The guest SPEC_CTRL is located at offset 0x2E0 in the VMCB. The effective SPEC_CTRL setting is the guest SPEC_CTRL setting or'ed with the hypervisor SPEC_CTRL setting. This allows the hypervisor to ensure a minimum SPEC_CTRL if desired. This support also fixes an issue where a guest may sometimes see an inconsistent value for the SPEC_CTRL MSR on processors that support this feature. With the current SPEC_CTRL support, the first write to SPEC_CTRL is intercepted and the virtualized version of the SPEC_CTRL MSR is not updated. When the guest reads back the SPEC_CTRL MSR, it will be 0x0, instead of the actual expected value. There isn’t a security concern here, because the host SPEC_CTRL value is or’ed with the Guest SPEC_CTRL value to generate the effective SPEC_CTRL value. KVM writes with the guest's virtualized SPEC_CTRL value to SPEC_CTRL MSR just before the VMRUN, so it will always have the actual value even though it doesn’t appear that way in the guest. The guest will only see the proper value for the SPEC_CTRL register if the guest was to write to the SPEC_CTRL register again. With Virtual SPEC_CTRL support, the save area spec_ctrl is properly saved and restored. So, the guest will always see the proper value when it is read back. Signed-off-by: Babu Moger --- arch/x86/include/asm/svm.h | 4 +++- arch/x86/kvm/svm/sev.c | 4 ++++ arch/x86/kvm/svm/svm.c | 19 +++++++++++++++---- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 1c561945b426..772e60efe243 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -269,7 +269,9 @@ struct vmcb_save_area { * SEV-ES guests when referenced through the GHCB or for * saving to the host save area. */ - u8 reserved_7[80]; + u8 reserved_7[72]; + u32 spec_ctrl; /* Guest version of SPEC_CTRL at 0x2E0 */ + u8 reserved_7b[4]; u32 pkru; u8 reserved_7a[20]; u64 reserved_8; /* rax already available at 0x01f8 */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c8ffdbc81709..959d6e47bd84 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -546,6 +546,10 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->pkru = svm->vcpu.arch.pkru; save->xss = svm->vcpu.arch.ia32_xss; + /* Update the guest SPEC_CTRL value in the save area */ + if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + save->spec_ctrl = svm->spec_ctrl; + /* * SEV-ES will use a VMSA that is pointed to by the VMCB, not * the traditional VMSA that is part of the VMCB. Copy the diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7ef171790d02..a0cb01a5c8c5 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1244,6 +1244,9 @@ static void init_vmcb(struct vcpu_svm *svm) svm_check_invpcid(svm); + if (boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + save->spec_ctrl = svm->spec_ctrl; + if (kvm_vcpu_apicv_active(&svm->vcpu)) avic_init_vmcb(svm); @@ -3789,7 +3792,10 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu) * is no need to worry about the conditional branch over the wrmsr * being speculatively taken. */ - x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); + if (static_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + svm->vmcb->save.spec_ctrl = svm->spec_ctrl; + else + x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); svm_vcpu_enter_exit(vcpu, svm); @@ -3808,13 +3814,18 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu) * If the L02 MSR bitmap does not intercept the MSR, then we need to * save it. */ - if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) - svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); + if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) { + if (static_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + svm->spec_ctrl = svm->vmcb->save.spec_ctrl; + else + svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); + } if (!sev_es_guest(svm->vcpu.kvm)) reload_tss(vcpu); - x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); + if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL)) + x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); if (!sev_es_guest(svm->vcpu.kvm)) { vcpu->arch.cr2 = svm->vmcb->save.cr2;